...
Current File(s): conf/intercept/warning-intercept-config.xml
Format: Native Spring, Velocity
Table of Contents |
---|
Overview
The "warning" interceptor flow is a generalization of the older "expiring-password" flow that supports an arbitrary number of conditions and warning views at the same time in support of multiple use cases without requiring duplication of and creation of custom webflows by the deployer. It can support the original expiring password use case but is not limited to that. Nor in fact is the original flow limited to that use case, but this makes that generality clearer and corrects some confusing behavior in the original.
...
The bean named shibboleth.warning.ConditionMap in conf/intercept/warning-intercept-config.xml must be defined by you with the condition(s) you want to test and the additional information needed to control the warning process. Each map entry represents a unique warning, and the map is iterated over to test for and present all applicable views.
The keys in the Map are view template names resolved relative to views/intercept/ (e.g. the key "mywarning" would normally resolve to a template in idp.home/views/intercept/mywarning.vm
The Map values are beans of type Pair<Predicate<ProfileRequestContext>,Duration>> (the complex type is needed to associate both the necessary settings with the map key).
...
The second element of the pair is a Duration value representing the interval between warnings. Setting this to a zero value will cause the warning to appear on every request, while any other value represents an interval during which the warning will not appear.
...
The view templates can largely be modeled on existing views, particularly the expiring-password.vm file, which illustrates how to advance the flow forward. For reference the variables generally available to the views are:
Name / Type | Type | Description |
---|---|---|
flowExecutionUrl | URL | The URL to redirect to in order to advance the flow |
flowRequestContext | RequestContext | Instance of Spring Web Flow's org.springframework.webflow.execution.RequestContext for the flow conversation |
flowExecutionKey | String | An encoded portion of the flowExecutionUrl representing the flow state |
profileRequestContext | Root of the IdP's request state tree | |
encoder | An encoder useful for making view content safe | |
request | Servlet request object | |
response | Servlet response object | |
environment | Environment | Instance of org.springframework.core.env.Environment object |
custom | Object | shibboleth.CustomViewContext bean optionally defined by deployer for use in views |
Replacement of Expiring Password Flow
This flow can essentially replace the original one by reversing the sense of the condition applied in that particular flow's configuration, and utilizing "expiring-password" as a map key (or just renaming the view template).
Reference
Localtabgroup | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The following bean is expected to be defined in conf/intercept/warning-intercept-config.xml:
The following property can be defined in any of the consumed property files (such as idp.properties):
|